Phishing Attacks Target Duke Users

Clicking on attachment installs Cryptolocker 'ransomware'

Duke was targeted by two phishing attacks this week when users received fraudulent messages containing a file attachment that, if opened, installed a piece of "ransomware" called Cryptolocker.

The first email, sent earlier this week, had the subject line, "RE: Annual Form - Authorization to Use Privately Owned Vehicle on State Business." A similar message, titled "Message from Admin Scanner," was sent Friday morning. Cryptolocker is malware designed to encrypt all of a user's files and then demand a payment to unlock the files.If you received the message and opened the attachment, please contact your local IT support or Duke's IT security offices immediately: Duke University IT Security Office at or Duke Medicine Information Security Office at

The best ways to protect yourself against such attacks are to:

  • Be vigilant about opening attachments in emails and use extreme caution when opening .zip file attachments in email. Unless you were expecting to receive the file, and/or can verify with the sender that it's legitimate, do not open the .zip file.
  • Work with your local IT staff or Duke's IT security staff to ensure that you have Symantec anti-virus software installed.